Randall Spangler | e166d04 | 2014-05-13 09:24:52 -0700 | [diff] [blame] | 1 | /* Copyright (c) 2011 The Chromium OS Authors. All rights reserved. |
| 2 | * Use of this source code is governed by a BSD-style license that can be |
| 3 | * found in the LICENSE file. |
| 4 | */ |
| 5 | |
Randall Spangler | e166d04 | 2014-05-13 09:24:52 -0700 | [diff] [blame] | 6 | #include <stdint.h> |
| 7 | #include <stdio.h> |
| 8 | |
Joel Kitching | a82bb0e | 2021-01-18 15:37:56 +0800 | [diff] [blame] | 9 | #include "2common.h" |
Joel Kitching | ffd42a8 | 2019-08-29 13:58:52 +0800 | [diff] [blame] | 10 | #include "2rsa.h" |
| 11 | #include "2sysincludes.h" |
Randall Spangler | e166d04 | 2014-05-13 09:24:52 -0700 | [diff] [blame] | 12 | #include "file_keys.h" |
Joel Kitching | ffd42a8 | 2019-08-29 13:58:52 +0800 | [diff] [blame] | 13 | #include "host_key.h" |
Randall Spangler | e166d04 | 2014-05-13 09:24:52 -0700 | [diff] [blame] | 14 | #include "rsa_padding_test.h" |
| 15 | #include "test_common.h" |
Randall Spangler | e166d04 | 2014-05-13 09:24:52 -0700 | [diff] [blame] | 16 | |
Kangheui Won | 4c523ed | 2020-10-02 11:09:06 +1000 | [diff] [blame] | 17 | vb2_error_t hwcrypto_modexp_return_value = VB2_SUCCESS; |
| 18 | vb2_error_t vb2ex_hwcrypto_modexp(const struct vb2_public_key *key, |
| 19 | uint8_t *inout, |
| 20 | uint32_t *workbuf32, int exp) { |
| 21 | return hwcrypto_modexp_return_value; |
| 22 | } |
| 23 | |
| 24 | |
Randall Spangler | e166d04 | 2014-05-13 09:24:52 -0700 | [diff] [blame] | 25 | /** |
Randall Spangler | e166d04 | 2014-05-13 09:24:52 -0700 | [diff] [blame] | 26 | * Test valid and invalid signatures. |
| 27 | */ |
| 28 | static void test_signatures(const struct vb2_public_key *key) |
| 29 | { |
Bill Richardson | 73e5eb3 | 2015-01-26 12:18:25 -0800 | [diff] [blame] | 30 | uint8_t workbuf[VB2_VERIFY_DIGEST_WORKBUF_BYTES] |
Joel Kitching | 92ea19a | 2019-11-05 18:36:42 +0800 | [diff] [blame] | 31 | __attribute__((aligned(VB2_WORKBUF_ALIGN))); |
Randall Spangler | e166d04 | 2014-05-13 09:24:52 -0700 | [diff] [blame] | 32 | uint8_t sig[RSA1024NUMBYTES]; |
| 33 | struct vb2_workbuf wb; |
| 34 | int unexpected_success; |
| 35 | int i; |
| 36 | |
| 37 | vb2_workbuf_init(&wb, workbuf, sizeof(workbuf)); |
| 38 | |
| 39 | /* The first test signature is valid. */ |
Randall Spangler | 664096b | 2016-10-13 16:16:41 -0700 | [diff] [blame] | 40 | memcpy(sig, signatures[0], sizeof(sig)); |
Randall Spangler | 9504754 | 2014-10-17 16:41:46 -0700 | [diff] [blame] | 41 | TEST_SUCC(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb), |
Randall Spangler | b9be536 | 2014-06-05 13:32:11 -0700 | [diff] [blame] | 42 | "RSA Padding Test valid sig"); |
Randall Spangler | e166d04 | 2014-05-13 09:24:52 -0700 | [diff] [blame] | 43 | |
| 44 | /* All other signatures should fail verification. */ |
| 45 | unexpected_success = 0; |
| 46 | for (i = 1; i < sizeof(signatures) / sizeof(signatures[0]); i++) { |
Randall Spangler | 664096b | 2016-10-13 16:16:41 -0700 | [diff] [blame] | 47 | memcpy(sig, signatures[i], sizeof(sig)); |
Randall Spangler | 9504754 | 2014-10-17 16:41:46 -0700 | [diff] [blame] | 48 | if (!vb2_rsa_verify_digest(key, sig, |
| 49 | test_message_sha1_hash, &wb)) { |
Randall Spangler | e166d04 | 2014-05-13 09:24:52 -0700 | [diff] [blame] | 50 | fprintf(stderr, |
| 51 | "RSA Padding Test vector %d FAILED!\n", i); |
| 52 | unexpected_success++; |
| 53 | } |
| 54 | } |
| 55 | TEST_EQ(unexpected_success, 0, "RSA Padding Test invalid sigs"); |
| 56 | } |
| 57 | |
| 58 | |
| 59 | /** |
Randall Spangler | 9504754 | 2014-10-17 16:41:46 -0700 | [diff] [blame] | 60 | * Test other error conditions in vb2_rsa_verify_digest(). |
Randall Spangler | e166d04 | 2014-05-13 09:24:52 -0700 | [diff] [blame] | 61 | */ |
| 62 | static void test_verify_digest(struct vb2_public_key *key) { |
Bill Richardson | 73e5eb3 | 2015-01-26 12:18:25 -0800 | [diff] [blame] | 63 | uint8_t workbuf[VB2_VERIFY_DIGEST_WORKBUF_BYTES] |
Joel Kitching | 92ea19a | 2019-11-05 18:36:42 +0800 | [diff] [blame] | 64 | __attribute__((aligned(VB2_WORKBUF_ALIGN))); |
Randall Spangler | e166d04 | 2014-05-13 09:24:52 -0700 | [diff] [blame] | 65 | uint8_t sig[RSA1024NUMBYTES]; |
| 66 | struct vb2_workbuf wb; |
Randall Spangler | c8c2f02 | 2014-10-23 09:48:20 -0700 | [diff] [blame] | 67 | enum vb2_signature_algorithm orig_key_alg = key->sig_alg; |
Randall Spangler | e166d04 | 2014-05-13 09:24:52 -0700 | [diff] [blame] | 68 | |
| 69 | vb2_workbuf_init(&wb, workbuf, sizeof(workbuf)); |
| 70 | |
Randall Spangler | 664096b | 2016-10-13 16:16:41 -0700 | [diff] [blame] | 71 | memcpy(sig, signatures[0], sizeof(sig)); |
Randall Spangler | 9504754 | 2014-10-17 16:41:46 -0700 | [diff] [blame] | 72 | TEST_SUCC(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb), |
| 73 | "vb2_rsa_verify_digest() good"); |
Randall Spangler | e166d04 | 2014-05-13 09:24:52 -0700 | [diff] [blame] | 74 | |
Randall Spangler | 225df79 | 2018-02-20 15:20:16 -0800 | [diff] [blame] | 75 | TEST_EQ(vb2_rsa_verify_digest(key, NULL, test_message_sha1_hash, &wb), |
| 76 | VB2_ERROR_RSA_VERIFY_PARAM, "vb2_rsa_verify_digest() bad arg"); |
| 77 | |
Kangheui Won | 4c523ed | 2020-10-02 11:09:06 +1000 | [diff] [blame] | 78 | key->allow_hwcrypto = 1; |
| 79 | memcpy(sig, signatures[0], sizeof(sig)); |
| 80 | vb2_workbuf_init(&wb, workbuf, sizeof(workbuf)); |
| 81 | hwcrypto_modexp_return_value = VB2_SUCCESS; |
| 82 | TEST_NEQ(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb), |
| 83 | VB2_SUCCESS, "vb2_rsa_verify_digest() hwcrypto modexp fails"); |
| 84 | |
| 85 | memcpy(sig, signatures[0], sizeof(sig)); |
| 86 | vb2_workbuf_init(&wb, workbuf, sizeof(workbuf)); |
| 87 | hwcrypto_modexp_return_value = VB2_ERROR_EX_HWCRYPTO_UNSUPPORTED; |
| 88 | TEST_SUCC(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb), |
| 89 | "vb2_rsa_verify_digest() hwcrypto modexp fallback to sw"); |
| 90 | key->allow_hwcrypto = 0; |
| 91 | |
Randall Spangler | 664096b | 2016-10-13 16:16:41 -0700 | [diff] [blame] | 92 | memcpy(sig, signatures[0], sizeof(sig)); |
Randall Spangler | e166d04 | 2014-05-13 09:24:52 -0700 | [diff] [blame] | 93 | vb2_workbuf_init(&wb, workbuf, sizeof(sig) * 3 - 1); |
Randall Spangler | 9504754 | 2014-10-17 16:41:46 -0700 | [diff] [blame] | 94 | TEST_EQ(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb), |
Randall Spangler | b9be536 | 2014-06-05 13:32:11 -0700 | [diff] [blame] | 95 | VB2_ERROR_RSA_VERIFY_WORKBUF, |
Randall Spangler | 9504754 | 2014-10-17 16:41:46 -0700 | [diff] [blame] | 96 | "vb2_rsa_verify_digest() small workbuf"); |
Randall Spangler | e166d04 | 2014-05-13 09:24:52 -0700 | [diff] [blame] | 97 | vb2_workbuf_init(&wb, workbuf, sizeof(workbuf)); |
| 98 | |
Randall Spangler | c8c2f02 | 2014-10-23 09:48:20 -0700 | [diff] [blame] | 99 | key->sig_alg = VB2_SIG_INVALID; |
Randall Spangler | 664096b | 2016-10-13 16:16:41 -0700 | [diff] [blame] | 100 | memcpy(sig, signatures[0], sizeof(sig)); |
Randall Spangler | 9504754 | 2014-10-17 16:41:46 -0700 | [diff] [blame] | 101 | TEST_EQ(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb), |
Randall Spangler | b9be536 | 2014-06-05 13:32:11 -0700 | [diff] [blame] | 102 | VB2_ERROR_RSA_VERIFY_ALGORITHM, |
Randall Spangler | 9504754 | 2014-10-17 16:41:46 -0700 | [diff] [blame] | 103 | "vb2_rsa_verify_digest() bad key alg"); |
Randall Spangler | c8c2f02 | 2014-10-23 09:48:20 -0700 | [diff] [blame] | 104 | key->sig_alg = orig_key_alg; |
Randall Spangler | e166d04 | 2014-05-13 09:24:52 -0700 | [diff] [blame] | 105 | |
| 106 | key->arrsize *= 2; |
Randall Spangler | 664096b | 2016-10-13 16:16:41 -0700 | [diff] [blame] | 107 | memcpy(sig, signatures[0], sizeof(sig)); |
Randall Spangler | 9504754 | 2014-10-17 16:41:46 -0700 | [diff] [blame] | 108 | TEST_EQ(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb), |
Randall Spangler | b9be536 | 2014-06-05 13:32:11 -0700 | [diff] [blame] | 109 | VB2_ERROR_RSA_VERIFY_SIG_LEN, |
Randall Spangler | 9504754 | 2014-10-17 16:41:46 -0700 | [diff] [blame] | 110 | "vb2_rsa_verify_digest() bad sig len"); |
Randall Spangler | e166d04 | 2014-05-13 09:24:52 -0700 | [diff] [blame] | 111 | key->arrsize /= 2; |
| 112 | |
| 113 | /* Corrupt the signature near start and end */ |
Randall Spangler | 664096b | 2016-10-13 16:16:41 -0700 | [diff] [blame] | 114 | memcpy(sig, signatures[0], sizeof(sig)); |
Randall Spangler | e166d04 | 2014-05-13 09:24:52 -0700 | [diff] [blame] | 115 | sig[3] ^= 0x42; |
Randall Spangler | 9504754 | 2014-10-17 16:41:46 -0700 | [diff] [blame] | 116 | TEST_EQ(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb), |
| 117 | VB2_ERROR_RSA_PADDING, "vb2_rsa_verify_digest() bad sig"); |
Randall Spangler | e166d04 | 2014-05-13 09:24:52 -0700 | [diff] [blame] | 118 | |
Randall Spangler | 664096b | 2016-10-13 16:16:41 -0700 | [diff] [blame] | 119 | memcpy(sig, signatures[0], sizeof(sig)); |
Randall Spangler | e166d04 | 2014-05-13 09:24:52 -0700 | [diff] [blame] | 120 | sig[RSA1024NUMBYTES - 3] ^= 0x56; |
Randall Spangler | 9504754 | 2014-10-17 16:41:46 -0700 | [diff] [blame] | 121 | TEST_EQ(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb), |
| 122 | VB2_ERROR_RSA_PADDING, "vb2_rsa_verify_digest() bad sig end"); |
Randall Spangler | e166d04 | 2014-05-13 09:24:52 -0700 | [diff] [blame] | 123 | } |
| 124 | |
| 125 | int main(int argc, char *argv[]) |
| 126 | { |
Randall Spangler | e166d04 | 2014-05-13 09:24:52 -0700 | [diff] [blame] | 127 | struct vb2_public_key k2; |
Randall Spangler | 5a9f498 | 2016-10-14 15:37:25 -0700 | [diff] [blame] | 128 | struct vb2_packed_key *pk; |
Randall Spangler | e166d04 | 2014-05-13 09:24:52 -0700 | [diff] [blame] | 129 | |
| 130 | /* Read test key */ |
| 131 | if (argc != 2) { |
| 132 | fprintf(stderr, "Usage: %s <test public key>\n", argv[0]); |
| 133 | return 1; |
| 134 | } |
Randall Spangler | 5a9f498 | 2016-10-14 15:37:25 -0700 | [diff] [blame] | 135 | pk = vb2_read_packed_keyb(argv[1], VB2_ALG_RSA1024_SHA1, 0); |
| 136 | if (!pk) { |
Randall Spangler | e166d04 | 2014-05-13 09:24:52 -0700 | [diff] [blame] | 137 | fprintf(stderr, "Couldn't read RSA public key for the test.\n"); |
| 138 | return 1; |
| 139 | } |
Randall Spangler | 6e3931d | 2016-10-18 15:09:21 -0700 | [diff] [blame] | 140 | if (VB2_SUCCESS != vb2_unpack_key(&k2, pk)) { |
Randall Spangler | 5a9f498 | 2016-10-14 15:37:25 -0700 | [diff] [blame] | 141 | fprintf(stderr, "Couldn't unpack RSA public key.\n"); |
| 142 | free(pk); |
| 143 | return 1; |
| 144 | } |
Randall Spangler | e166d04 | 2014-05-13 09:24:52 -0700 | [diff] [blame] | 145 | |
| 146 | /* Run tests */ |
| 147 | test_signatures(&k2); |
| 148 | test_verify_digest(&k2); |
| 149 | |
| 150 | /* Clean up and exit */ |
Randall Spangler | 5a9f498 | 2016-10-14 15:37:25 -0700 | [diff] [blame] | 151 | free(pk); |
| 152 | return gTestSuccess ? 0 : 255; |
Randall Spangler | e166d04 | 2014-05-13 09:24:52 -0700 | [diff] [blame] | 153 | } |